Question

我需要将SNI设置为我的socketFactory。所以我一直在使用班级SSLCertificateSocketFactory。创建套接字时，它为服务器证书提供了sslpeerunverifiedexception，因为没有设置SAN。我可以解决一下如何抑制此异常，并要求它允许创建套接字而不考虑服务器证书吗？

以下是我的代码：

            TrustManager tm = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };

            SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
                    .getDefault(0);

            ssf.setTrustManagers(new TrustManager[] { tm });

            m_sslsocket = (SSLSocket) ssf.createSocket(m_socket, m_host, m_port, false);

Answer 1

使用getInsecure创建SSLCertificateSocketFactory为我工作。它返回一个新的套接字工厂实例，并禁用所有SSL安全检查。

SSLCertificateSocketFactory ssf = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
                    .getInsecure(0, null);

在创建套接字时禁止sslpeerunverifiedexception

1 个答案: